US7752659B2 · Expired · Utility · PatentIndex 63
Packet filtering in a NIC to control antidote loading
Est. expiry: Feb 14, 2025 (expired) · nominal 20-yr term from priority
H04L 63/145
PatentIndex Score: 63 · Cited by: 2 · References: 18 · Claims: 9
Abstract
A method and system is described for selectively downloading antidotes onto a client computer. The client computer is connected via a network interface card (NIC) to a network that contains an anti-virus server. The NIC is initially logically isolated from the client computer, thus permitting the NIC to autonomously examine packets to and from the client computer and the network. The NIC selectively accepts packets only from trusted Internet Protocol (IP) addresses that conform to a security format such as Internet Protocol Security (IPSec).
Claims
exact text as granted — not AI-modified
1. A method comprising:
communicatively coupling a network interface card (NIC) to a network, wherein the NIC is capable of providing a network interface between a client computer and the network;
logically isolating the network interface card (NIC) from the client computer;
selectively accepting, by the NIC, one or more specialized data packets from the client computer, wherein the specialized data packets contain a fix to update a configuration of the NIC;
updating the configuration of the NIC, wherein the NIC is updated by applying the specialized data packets to configure the NIC to accept data packets only from an authorized address; and
enabling the NIC to accept network traffic by loading a secret code from the client computer into a register in the NIC, wherein the secret code is loaded prior to selectively accepting data packets from the authorized address.
2. The method of claim 1, wherein the secret code is loaded into the NIC from a Basic Input/Output System (BIOS) in the client computer during a boot of the client computer, and wherein the secret code is loaded into the BIOS during a BIOS set-up.
3. The method of claim 1, wherein the secret code is provided by an authorized network administrative server.
4. A computer program product, residing on a non-transitory computer readable storage medium, comprising:
program code for communicatively coupling a network interface card (NIC) to a network, wherein the NIC is capable of providing a network interface between a client computer and the network;
program code for logically isolating the network interface card (NIC) from the client computer;
program code for selectively accepting, by the NIC, one or more specialized data packets from the client computer, wherein the specialized data packets contain a fix to update a configuration of the NIC;
program code for updating the configuration of the NIC, wherein the NIC is updated by applying the specialized data packets to configure the NIC to accept Internet Protocol (IP) data packets only from an authorized IP address; and
program code for, prior to selectively accepting IP data packets from the authorized IP address, enabling the NIC to accept network traffic by loading a secret code from the client computer into a register in the NIC.
5. The computer program product of claim 4, wherein the secret code is loaded into the NIC from a Basic Input/Output System (BIOS) in the client computer during a boot of the client computer, and wherein the secret code is loaded into the BIOS during a BIOS set-up.
6. The computer program product of claim 4, wherein the secret code is provided by an authorized network administrative server.
7. A system comprising:
a network interface card (NIC) communicatively coupling a client computer to a network, wherein the NIC is logically isolated from the client computer, and wherein the NIC is configured for:
selectively accepting one or more specialized data packets from the client computer, wherein the specialized data packets contain a fix to update a configuration of the NIC;
updating the configuration of the NIC, wherein the NIC is updated by applying the specialized data packets to configure the NIC to accept Internet Protocol (IP) data packets only from an authorized IP address; and
prior to the NIC selectively accepting the one or more specialized data packets from the client computer, enabling the NIC to accept network traffic by loading a secret code from the client computer into a register in the NIC.
8. The system of claim 7, wherein the secret code is loaded into the NIC from a Basic Input/Output System (BIOS) in the client computer during a boot of the client computer, and wherein the secret code is loaded into the BIOS during a BIOS set-up.
9. The system of claim 7, wherein the secret code is provided by the authorized network administrative server.
Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.